The Dark Side of Meeting People Online

Not a day goes by in New York City that I don't hear about some kind of abduction. But when it happens because people get to know each other online and then meet in real life, I must report on it so you know the dangers, even if you're an adult!

According to Alison Bowen of Metro New York, police are searching for a suspect they think may have murdered a Queens teacher after they met online. David Rangel, 53, was found choked to death and shoved under his couch in his Jackson Heights apartment Sunday, officials said. A police spokesman said cops responded to a 911 call, after a friend checking on him found the door unlocked and ajar.
Police found Rangel with trauma to his head and blood on the floor and the walls. Councilman Daniel Dromm asked the NYPD to investigate the murder as a hate crime. “The horrific crime committed against David Rangel, an openly gay public school teacher who lived in one of the city's most tolerant communities, is deeply distressing,” Dromm said. Dromm spokesman Alex Florez said Rangel appears to have met someone online. The councilman's concern is that someone may have targeted him because he is openly gay, and that this perhaps led into a potential bias-motivated murder. “Something obviously went terribly wrong there,” Florez said. Rangel taught seventh- and eighth-grade Spanish at P.S. 219. “We are deeply saddened by the loss of a well-liked and respected teacher, David Rangel,” the school’s president, Fred Wright, wrote on Twitter yesterday.

Meanwhile, the family of a Staten Island woman, Sarai Sierra, is searching for her in Turkey, where she disappeared while traveling this month. They, too, are concerned she may have met someone online. She had planned to meet with strangers she met through Instagram, according to the Daily News. Online safety expert Hemu Nigam said that when people sit behind a computer screen, they may wrongly lower their guard.

“When you’re going online, it’s very much like you’re going down a New York alley,” he said. “You don’t know where you’re going, you don’t know what might pop up … yet when you’re on a computer, you do it without thinking twice.”
“If you’re connecting with somebody in the online world, unless you are seeing the whites of their eyes, they should be treated as a stranger to you,” Nigam said. Instead, he said, when people talk online, they can feel very comfortable, because they are in the comfort of their own home. But people should have the opposite reaction. If something seems off, ask for clarification, he advised. “I think your first best friend in all of this is Google,” he said. “You can see if the job they’re talking about actually exists. … if your instincts say there’s something wrong, you’ve got to go with it.”

He also suggests a face-to-face chat on the computer or phone. “If the person refuses because they’re giving you examples like, ‘My hair doesn’t look good today, I’m just not feeling well,’ your senses should go up,” he said. If you do meet someone, perhaps through an online dating website, make sure it is in a public place, and consider having a friend show up two or three tables down or suggesting a group setting.


- As seen in Metro New York Brought to you by NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS
here!



The 25 Most Popular Passwords of 2012

Happy New Year, it's time to change your passwords again. You can't go anywhere online without a password these days. Want to access Xbox Live through your PC? You'll need a password. Logging onto the PlayStation Store? Cough it up. Playing any online games? You know what to do. Not to mention all of your social networking, email, website, and e-commerce passwords.

The problem, though, according to Chris Morris at Plugged In, is that most of us just aren't very password-creative. Hackers delight in posting usernames and passwords online when they raid a database. To prove the point -- and to help us all make better password decisions -- SplashData compiles an annual list of the most common (and therefore, the worst) passwords from those listings.

The top passwords of 2012 are the same three from a year ago - "password," "123456," and "12345678." In 2012, however, there were some new additions, including "welcome," "jesus," "ninja," and "mustang." Our favorite newcomer to the list (and yes, we're being sarcastic here) is "password1," a particularly weak attempt at pleasing providers who require a number in your password somewhere.

"At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password," said Morgan Slain, CEO of SplashData. "We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."

Gamers in particular need to be vigilant in keeping their passwords strong and safe. Hackers have targeted a number of game companies in recent years, including Blizzard, Bethesda, and, most famously, Sony. Earlier this month, PlaySpan, which handles microtransactions for hundreds of online games, was breached.

If you've got any of these phrases as your password on any system — be it a gaming network, email client, or especially an online banking account -- change it. Change it fast. You're leaving yourself open for hacking that could result in the loss of everything, from hard-won Diablo III items to Microsoft Points you spent real-world money acquiring.

Here's the full 2012 list, along with how the popularity of the phrase has increased or decreased in the past year:


1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Keep creating the same old passwords? Here are a few tips on how to create a cryptic password:

- Use the first letter from each word in a phrase or line from a song. For example, "Hey, I just met you... And this is crazy... But here's my number... So call me maybe" could be "hijmyaticbhmnscmm." Of course, you'll be stuck singing the damn thing in your head every time you log in.

- Combine two words, such as "hungrydog" or "choppywater." For added security, separate those words with symbols or numbers, or swap numbers in place of certain letters. So instead of "hungrydog," use "hungry$d0g."

- If the site is case-sensitive, vary upper and lower case letters, as well as using numbers and symbols. ("ViDeOgAmE," for example, is much more secure than "videogame.")
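A signup-time check against the list above, written here as an added example (it is not from Plugged In or SplashData): it rejects the 25 entries and also the lightly disguised forms of them, in the spirit of the "password1" remark. The substitution tables and the sample inputs are assumptions constructed for the illustration.

```python
import re
from typing import Optional

# The 25 entries from the 2012 list above.
WORST_2012 = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1",
}

# Assumed substitution tables (not from the article). "1" is ambiguous, so it
# is tried both as "i" and as "l".
_SWAPS = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
LEET_TABLES = [
    str.maketrans({**_SWAPS, "1": "i"}),
    str.maketrans({**_SWAPS, "1": "l"}),
]


def simplified_forms(password: str) -> set:
    """Return the simpler spellings a disguised password collapses to."""
    forms = {password.lower()}                          # undo case mixing
    # Drop symbols stuck on either end: "trustno1!" -> "trustno1"
    forms |= {re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", f) for f in forms}
    # Drop digits and symbols stuck on either end: "dragon99" -> "dragon"
    forms |= {re.sub(r"^[^a-z]+|[^a-z]+$", "", f) for f in forms}
    # Undo number-for-letter swaps: "passw0rd" -> "password"
    forms |= {f.translate(t) for f in forms for t in LEET_TABLES}
    # Drop separators between words: "let-me-in" -> "letmein"
    forms |= {re.sub(r"[^a-z0-9]", "", f) for f in forms}
    forms.discard("")
    return forms


def blocklisted_base(password: str) -> Optional[str]:
    """Return the list entry the password reduces to, or None if it passes."""
    hits = simplified_forms(password) & WORST_2012
    # Prefer the longest hit so "password1" reports itself, not "password".
    return max(hits, key=len) if hits else None


if __name__ == "__main__":
    # Constructed sample inputs, including two results of the tips above.
    samples = ["P@ssw0rd2013", "MoNkEy", "let-me-in", "dr4g0n99", "we1come",
               "hungry$d0g", "hijmyaticbhmnscmm"]
    for pw in samples:
        base = blocklisted_base(pw)
        verdict = f"rejected (variant of '{base}')" if base else "not on the list"
        print(f"{pw:20} {verdict}")
```

Passing this check only means a password is not a variant of one of the 25 entries; it says nothing about how the password holds up against larger wordlists.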

- As seen in Plugged In



Your Life Is Fully Mobile: We walk, talk and sleep with our phones, but are we more or less connected?

Just as remarkable as the power of mobility, over everything from love to learning to global development, is how fast it all happened.

As Nancy Gibbs of Time points out, it is hard to think of any tool, any instrument, any object in history with which so many developed so close a relationship so quickly as we have with our phones. Not the knife or match, the pen or page. Only money comes close—always at hand, don’t leave home without it. But most of us don’t take a wallet to bed with us, don’t reach for it and check it every few minutes, and however useful money is in pursuit of fame, romance, revolution, it is inert compared with a smart phone—which can replace your wallet now anyway.

Whatever people thought the first time they held a portable phone the size of a shoe in their hands, it was nothing like where we are now, accustomed to having all knowledge at our fingertips. A typical smart phone has more computing power than Apollo 11 when it landed a man on the moon. In many parts of the world, more people have access to a mobile device than to a toilet or running water; for millions, this is the first phone they’ve ever had. In the U.S., close to 9 in 10 adults carry a mobile, leaving its marks on body, mind, spirit. There’s a smart-phone gait: the slow sidewalk weave that comes from being lost in conversation rather than looking where you’re going. Thumbs are stronger, attention shorter, temptation everywhere: we can always be, mentally, digitally, someplace other than where we are.

So how do we feel about this? To better understand attitudes about mass mobility, Time, in cooperation with Qualcomm, launched the Time Mobility Poll, a survey of close to 5,000 people of all age groups and income levels in eight countries: the U.S., the U.K., China, India, South Korea, South Africa, Indonesia and Brazil. Even the best survey can be only a snapshot in time, but this is a crisp and textured one, revealing a lot about both where we are now and where the mobile wave is taking us next.

A tool our parents could not have imagined has become a lifeline we can’t do without. Not for a day—in most cases not even for an hour. In Time’s poll, 1 in 4 people check it every 30 minutes, 1 in 5 every 10 minutes. A third of respondents admitted that being without their mobile for even short periods leaves them feeling anxious. It is a form of sustenance, that constant feed of news and notes and nonsense, to the point that twice as many people would pick their phone over their lunch if forced to choose. Three-quarters of 25-to-29-year-olds sleep with their phones.

If Americans have developed surprisingly intimate relationships with their gadgets, they are still modest compared with people in other countries. The Time Mobility Poll found that 1 in 5 Americans has asked someone on a date by text, compared with three times as many Brazilians and four times as many Chinese. Fewer than 1 in 10 married U.S. respondents admitted to using texting to coordinate adultery, vs. one-third of Indians and a majority of Chinese. It may be shocking that nearly a quarter of all U.S. respondents, including a majority of 18-to-35-year-old men, have sent a sexually provocative picture to a partner or loved one. But that trails South Africans’ 45% and Indians’ 54%. Brazilians are especially exuberant, with 64% baring and sharing all.

In most respects, overseas mobile users value their devices the same way Americans do but with a few revealing exceptions. Americans are grateful for the connection and convenience their phones provide, helping them search for a lower price, navigate a strange city, expand a customer base or track their health and finances, their family and friends. But in some ways Americans are still ambivalent; more than 9 in 10 Brazilians and Indians agreed that being constantly connected is mostly a good thing. America’s 76% was actually the lowest score.

Carve up the U.S. population into the general public vs. high-income, highly educated elites and some contrasts come into focus. Elites are more likely to say that they work longer hours and have less time to think but also that mobile has made them more efficient and productive, able to manage more, be away from the office, stay informed about the news and be a better parent. Four in 10 Americans think mobility has helped them achieve a better work-life balance, vs. three-quarters or more of Indians, Indonesians, Chinese and South Africans.

Like any romance moving from infatuation to commitment, the connection between people and their mobile devices reflects what they brought into the relationship in the first place. In countries where connection and convenience were difficult, these mobiles offer a kind of time travel, delivering in the push of a button or touch of a screen the kind of progress other countries built over decades. Which makes you wonder: Just how much smaller and smarter and faster and better might our devices be a decade from now? And how much about our lives and work and relationships is left to be completely transformed as a result? What do you think?!

- As seen in Time

How Companies and Cops Snoop on Your Digital Life – Whether You Realize It or Not!

If someone wanted to create a global system for tracking human beings and collecting information about them, it would look a lot like the digital mobile-device network. It knows where you are, and--the more you text, tweet, shop, take pictures and navigate your surroundings using a smart phone--it knows an awful lot about what you're doing.

Which is one reason federal officials turned to Sprint, Verizon, AT&T and T-Mobile in early 2009 when they needed to solve the robbery of a Berlin, Conn., branch of Webster Bank. Using a loophole in a 1986 law that allows warrantless searches of stored communications, the feds ordered the carriers to provide records of phones that used a nearby cell tower on the day of the crime. The carriers turned over to the prosecutors the identities, call records and other personal information of 169 cell-phone users--including two men who were eventually sentenced to prison for the robbery. With a simple request, the feds cracked a case that might have otherwise taken years to solve. In the process, they collected information on 167 people who they had no reason to believe had committed a crime, including details like numbers dialed and times of calls that would have been protected as private on a landline.

Such cases are common. In response to a request from Representative Ed Markey, major cell carriers revealed in July 2012 that they had received more than 1.3 million requests for cell-phone tracking data from federal, state and local law-enforcement officials in 2011. By comparison, there were 3,000 wiretap warrants issued nationwide in 2010. That revelation has added to a growing debate over how to balance the convenience and security consumers now expect from their smart phones with the privacy they traditionally have wanted to protect. Every second we enjoy their convenience, smart phones are collecting information, recording literally millions of data points every day.

The potential for good is undeniable. In recent years, the average time it takes the U.S. Marshals Service to find a fugitive has dropped from 42 days to two, according to congressional testimony from Susan Landau, a Guggenheim fellow. Cell phones have changed criminal investigation from the ground up. "There is a mobile device connected to every crime scene," says Peter Modafferi, the chief of detectives in Rockland County, New York.

But as smart phones' tracking abilities have become more sophisticated, law enforcement, phonemakers, cell carriers and software makers have come under fire for exploiting personal data without the knowledge of the average user. Much of the law protecting mobile privacy in the U.S. was written at the dawn of the cell-phone era in the 1980s, and it can vary from state to state. Companies have widely differing privacy policies. Now conservatives and liberals on Capitol Hill are pushing legislation that would set new privacy standards, limiting law-enforcement searches and restricting what kinds of information companies can collect.

Government snooping is part of the worry. But market demand is driving some of the biggest collectors of data. Mobile advertising is now a $6 billion industry, and identifying potential customers based on their personal information is the new frontier. Last year, reports showed that free and cheap apps were capable of everything from collecting location information to images a phone is seeing. One app with image-collection capabilities, Tiny Flashlight, uses a phone's camera as a flashlight and has been installed at least 50 million times on phones around the world. Tiny Flashlight's author, Bulgarian programmer Nikolay Ananiyev, tells Time that his program does not collect the images or send them to third parties.

In November 2012, news broke that a company named Carrier IQ had installed software on as many as 150 million phones that accesses users' texts, call histories, Web usage and location histories without users' knowing consent. Carrier IQ says it does not record, store or transmit the data but uses it to measure performance. In February, Facebook, Yelp, Foursquare and Instagram apps, among others, were reported to be uploading contact information from iPhones and iPads. The software makers told the blog VentureBeat that they only use the contact information when prompted by users. "No app is free," says one senior executive at a phone carrier. "You pay for them with your privacy."

Many consumers are happy to do so, and so far there hasn't been much actual damage, at least not that privacy advocates can point to. The question is where to draw the line. For instance, half of smart-phone users make banking transactions via their mobile device. The Federal Trade Commission has brought 40 enforcement cases in recent years against companies for improperly storing customers' private information.

Law enforcement is subject to some oversight. Absent an emergency, prosecutors and police must convince a judge that the cell information they are seeking from wireless companies is material to a criminal case under investigation. An unusual alliance between liberals and conservatives is pushing a bill to impose the same requirements for getting cell tracking data as those that are in place when cops want to get a warrant to search a house. Another bill would increase restrictions on what app writers can do with personal information. Cases moving through the courts may limit what law enforcement can do with GPS tracking.

Tech companies are trying to get a handle on the issue. Apple has a single customer-privacy policy. Google posts the permissions that consumers give each app to operate their phones' hardware and software, including authorization to access camera and audio feeds and pass on locations or contact info. The rush to keep up with technology will only get harder: the next surge in surveillance is text messaging, industry experts say, as companies and cops look for new ways to tap technology for their own purposes.
- As seen in Time

Happy New Year: Now Measure My Results, Not My Hours

Too many businesses judge an employee’s performance by hours worked rather than by value created. It's time to get with the program and understand that "face time" is beyond overrated.

Accolades to Robert Pozen of The New York Times who, yet again, brings up the fact that too many businesses judge an employee’s performance by hours worked rather than by value created. As a result, workers who complete their tasks faster wind up procrastinating, surfing the Web, or rereading emails long after the clock strikes five, simply in order to be seen in the office.

Studies suggest that workers are right to believe they are better off sticking around to avoid getting labeled as slackers. Managers in one recent study described employees seen in the office as “dependable” and “reliable,” and those who came in over the weekend as “committed” and “dedicated.” These reactions are unfortunate “remnants of the industrial age,” when hours logged on the assembly line translated directly into more products.

But measuring performance by hours worked “makes no sense for knowledge workers” in the 21st century, and bosses who implicitly reward those who stay late “are undermining incentives for workers to be efficient.” Many organizations will struggle with learning to focus on results rather than hours. But if you can convince your boss to make that switch, it “will help you accomplish more at work”—and that’s something any boss can value.

- As seen in The Week

My Digital Nightmare: A Hacker Stole My Family Photos and Upended My Life, and It Could Easily Happen to You

In the space of one hour, my entire digital life was destroyed, said Mat Honan of Wired. "First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, 2012, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.

Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.

I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

I didn’t have a four-digit PIN.

By now, I knew something was very, very wrong. For the first time it occurred to me that I was being hacked. Unsure of exactly what was happening, I unplugged my router and cable modem, turned off the Mac Mini we use as an entertainment center, grabbed my wife’s phone, and called AppleCare, the company’s tech support service, and spoke with a rep for the next hour and a half.

It wasn’t the first call they had had that day about my account. In fact, I later found out that a call had been placed just a little more than a half an hour before my own. But the Apple rep didn’t bother to tell me about the first call concerning my account, despite the 90 minutes I spent on the phone with tech support. Nor would Apple tech support ever tell me about the first call voluntarily — it only shared this information after I asked about it. And I only knew about the first call because a hacker told me he had made the call himself.

At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn’t get into his Me.com e-mail — which, of course was my Me.com e-mail.

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.

At 4:50 p.m., a password reset confirmation arrived in my inbox. I don’t really use my me.com e-mail, and rarely check it. But even if I did, I might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset my AppleID password.

At 4:52 p.m., a Gmail password recovery e-mail arrived in my me.com mailbox. Two minutes later, another e-mail arrived notifying me that my Google account password had changed.

At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.

By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don’t and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life — weren’t the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.

Lulz.

I spent an hour and a half talking to AppleCare. One of the reasons it took me so long to get anything resolved with Apple during my initial phone call was because I couldn’t answer the security questions it had on file for me. It turned out there’s a good reason for that. Perhaps an hour or so into the call, the Apple representative on the line said “Mr. Herman, I….”

“Wait. What did you call me?”

“Mr. Herman?”

“My name is Honan.”

Apple had been looking at the wrong account all along. Because of that, I couldn’t answer my security questions. And because of that, it asked me an alternate set of questions that it said would let tech support let me into my me.com account: a billing address and the last four digits of my credit card. (Of course, when I gave them those, it was no use, because tech support had misheard my last name.)

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud.

Apple tech support confirmed to me twice over the weekend that all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file. I was very clear about this. During my second tech support call to AppleCare, the representative confirmed this to me. “That’s really all you have to have to verify something with us,” he said.

We talked to Apple directly about its security policy, and company spokesperson Natalie Kerris told Wired, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file. Here’s the story of how the hackers got them.

By exploiting the customer service procedures employed by Apple and Amazon, hackers were able to get into iCloud and take over all of Mat Honan’s digital devices — and data.

On the night of the hack, I tried to make sense of the ruin that was my digital life. My Google account was nuked, my Twitter account was suspended, my phone was in a useless state of restore, and (for obvious reasons) I was highly paranoid about using my Apple email account for communication.

I decided to set up a new Twitter account until my old one could be restored, just to let people know what was happening. I logged into Tumblr and posted an account of how I thought the takedown occurred. At this point, I was assuming that my seven-digit alphanumeric AppleID password had been hacked by brute force. In the comments (and, oh, the comments) others guessed that hackers had used some sort of keystroke logger. At the end of the post, I linked to my new Twitter account.

And then, one of my hackers @ messaged me. He would later identify himself as Phobia. I followed him. He followed me back.

We started a dialogue via Twitter direct messaging that later continued via e-mail and AIM. Phobia was able to reveal enough detail about the hack and my compromised accounts that it became clear he was, at the very least, a party to how it went down. I agreed not to press charges, and in return he laid out exactly how the hack worked. But first, he wanted to clear something up:

“didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

I asked him why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account? No, Phobia said they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and fuck shit up, and watch it burn. It wasn’t personal.

“I honestly didn’t have any heat towards you before this. i just liked your username like I said before” he told me via Twitter Direct Message.

After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission.

Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m••••n@me.com. Jackpot.

This was how the hack progressed. If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here. But using that Apple-run me.com e-mail account as a backup told the hacker I had an AppleID account, which meant I was vulnerable to being hacked.

Be careful with your Amazon account — or someone might buy merchandise on your credit card, but send it to their home.

“You honestly can get into any email associated with apple,” Phobia claimed in an e-mail. And while it’s work, that seems to be largely true.

Since he already had the e-mail, all he needed was my billing address and the last four digits of my credit card number to have Apple’s tech support issue him the keys to my account.

So how did he get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain. If someone doesn’t have a domain, you can also look up his or her information on Spokeo, WhitePages, and PeopleSmart.

Getting a credit card number is trickier, but it also relies on taking advantage of a company’s back-end systems. Phobia says that a partner performed this part of the hack, but described the technique to us, which we were able to verify via our own tech support phone calls. It’s remarkably easy — so easy that Wired was able to duplicate the exploit twice in minutes.

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but it didn’t have anything to share by press time.

And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’re giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.

And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste. Yet still I was actually quite fortunate.

They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too.

Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.

I had done some pretty stupid things. Things you shouldn’t do.

I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts — mhonan@gmail.com, mhonan@me.com, and mhonan@wired.com. And I should have had a recovery address that’s only used for recovery without being tied to core services.

But, mostly, I shouldn’t have used Find My Mac. Find My iPhone has been a brilliant Apple service. If you lose your iPhone, or have it stolen, the service lets you see where it is on a map. The New York Times’ David Pogue recovered his lost iPhone just last week thanks to the service. And so, when Apple introduced Find My Mac in the update to its Lion operating system last year, I added that to my iCloud options too.

After all, as a reporter, often on the go, my laptop is my most important tool.

But as a friend pointed out to me, while that service makes sense for phones (which are quite likely to be lost) it makes less sense for computers. You are almost certainly more likely to have your computer accessed remotely than physically. And even worse is the way Find My Mac is implemented.

When you perform a remote hard drive wipe on Find My Mac, the system asks you to create a four-digit PIN so that the process can be reversed. But here’s the thing: If someone else performs that wipe — someone who gained access to your iCloud account through malicious means — there’s no way for you to enter that PIN.

A better way to have this set up would be to require a second method of authentication when Find My Mac is initially set up. If this were the case, someone who was able to get into an iCloud account wouldn’t be able to remotely wipe devices with malicious intent. It would also mean that you could potentially have a way to stop a remote wipe in progress.

But that’s not how it works. And Apple would not comment as to whether stronger authentication is being considered.

As of Monday, both of these exploits used by the hackers were still functioning. Wired was able to duplicate them. Apple says its internal tech support processes weren’t followed, and this is how my account was compromised. However, this contradicts what AppleCare told me twice that weekend. If that is, in fact, the case — that I was the victim of Apple not following its own internal processes — then the problem is widespread.

I asked Phobia why he did this to me. His answer wasn’t satisfying. He says he likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done. He claims his partner in the attack was the person who wiped my MacBook. Phobia expressed remorse for this, and says he would have stopped it had he known.

“yea i really am a nice guy idk why i do some of the things i do,” he told me via AIM. “idk my goal is to get it out there to other people so eventually every1 can over come hackers”

I asked specifically about the photos of my little girl, which are, to me, the greatest tragedy in all this. Unless I can recover those photos via data recovery services, they are gone forever. On AIM, I asked him if he was sorry for doing that. Phobia replied, “even though i wasnt the one that did it i feel sorry about that. Thats alot of memories im only 19 but if my parents lost and the footage of me and pics i would be beyond sad and im sure they would be too.”

But let’s say he did know, and failed to stop it. Hell, for the sake of argument, let’s say he did it. Let’s say he pulled the trigger. The weird thing is, I’m not even especially angry at Phobia, or his partner in the attack. I’m mostly mad at myself. I’m mad as hell for not backing up my data. I’m sad, and shocked, and feel that I am ultimately to blame for that loss.

But I’m also upset that this ecosystem that I’ve placed so much of my trust in has let me down so thoroughly. I’m angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then there’s Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on."

Additional reporting by Roberto Baldwin and Christina Bonnington. Portions of this story originally appeared on Mat Honan’s Tumblr.
- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS
here!
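
The recovery chain described in the account above can be checked mechanically against your own accounts. The following is an added example, not part of the original article: a small Python model that forward-chains from public facts through each support channel to see which accounts fall, and which single control breaks the chain. The channel and fact names are this example's own labels, and it assumes the Amazon and Twitter accounts are registered under the Gmail address.

```python
"""Recovery-chain audit: forward-chain from public facts through support channels."""
from typing import NamedTuple


class Channel(NamedTuple):
    name: str          # label invented for this example
    needs: frozenset   # facts the channel accepts as proof of identity
    yields: frozenset  # facts or account control it hands back


def ch(name, needs, yields):
    return Channel(name, frozenset(needs), frozenset(yields))


# Model of the steps in the article. Assumptions: Amazon and Twitter are
# registered under the Gmail address, and Gmail's recovery address is the
# Apple one (the daisy chain the author describes).
CHANNELS = [
    ch("personal site linked from Twitter", {"twitter_profile"},
       {"gmail_address", "personal_domain"}),
    ch("whois on personal domain", {"personal_domain"}, {"billing_address"}),
    ch("Google recovery-page hint", {"gmail_address"}, {"apple_email"}),
    ch("Amazon phone: add card",
       {"name", "gmail_address", "billing_address"}, {"card_on_file"}),
    ch("Amazon phone: add e-mail",
       {"name", "billing_address", "card_on_file"}, {"amazon_account"}),
    ch("Amazon web: cards on file", {"amazon_account"}, {"card_last4"}),
    ch("AppleCare phone reset",
       {"apple_email", "billing_address", "card_last4"}, {"icloud_account"}),
    ch("Gmail reset via recovery address",
       {"icloud_account", "gmail_address"}, {"gmail_account"}),
    ch("Twitter reset via Gmail", {"gmail_account"}, {"twitter_account"}),
    ch("Find My Mac remote wipe", {"icloud_account"}, {"device_wipe"}),
]
PUBLIC = {"name", "twitter_profile"}   # what an outsider starts with
ASSETS = {"amazon_account", "icloud_account", "gmail_account",
          "twitter_account", "device_wipe"}


def closure(known, channels, disabled=()):
    """Return {fact: channel that first produced it}, iterating to a fixed point."""
    source = {fact: "public" for fact in known}
    changed = True
    while changed:
        changed = False
        for c in channels:
            if c.name in disabled or not c.needs.issubset(source):
                continue
            for fact in sorted(c.yields):
                if fact not in source:
                    source[fact] = c.name
                    changed = True
    return source


def chain(target, source, channels):
    """Ordered channels whose outputs lead to `target`; empty if unreachable."""
    by_name = {c.name: c for c in channels}
    order = []

    def visit(fact):
        via = source.get(fact)
        if via is None or via == "public" or via in order:
            return
        for need in sorted(by_name[via].needs):
            visit(need)
        order.append(via)

    visit(target)
    return order


def audit(disabled=()):
    """Assets an outsider controls when the named channels are closed."""
    source = closure(PUBLIC, CHANNELS, disabled)
    return {asset for asset in ASSETS if asset in source}


if __name__ == "__main__":
    src = closure(PUBLIC, CHANNELS)
    print("Path to iCloud:")
    for step in chain("icloud_account", src, CHANNELS):
        print("  ", step)
    scenarios = {
        "as described": (),
        "Gmail two-factor on (hint hidden)": ("Google recovery-page hint",),
        "Amazon refuses phone-added cards": ("Amazon phone: add card",),
    }
    for label, off in scenarios.items():
        print(f"{label}: {sorted(audit(off))}")
```

In this model, hiding the Gmail recovery hint saves the iCloud, Gmail, and Twitter accounts and the laptop, but the Amazon account still falls, because that channel never depended on the Apple address.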

Virtual Princeton: A Guide to Free Online Ivy League Classes

Elite universities are opening their classrooms' doors to anyone with an Internet connection — for free! The company Coursera has teamed up with 16 universities (including Stanford, Duke, and Princeton) to offer more than 100 free online courses to anyone with Internet access.

Why are colleges offering free classes?
They don't want to be left behind in the digital revolution that has already transformed the way we consume news, music, and books. Stanford, Duke, Princeton, and Johns Hopkins are among the 16 universities that have partnered with a newly launched company called Coursera to offer more than 100 free online courses this academic year; MIT, Harvard, and the University of California, Berkeley, are following suit through a nonprofit venture called edX. Now people anywhere in the world can take Stanford's "Introduction to Mathematical Thinking," learn the "Principles of Obesity Economics" at Johns Hopkins, or have Duke University behavioral economist Dan Ariely lead them through "A Beginner's Guide to Irrational Behavior"—all without paying the $50,000 usually required to attend these world-class universities. More than 1 million people from scores of countries have already enrolled in the free classes, which some believe could transform the mission and model of higher education. Anant Agarwal, president of edX, calls it "the single biggest change in education since the printing press."

What's in it for colleges?
Prestige now, and possibly profit later. Schools say they're willing to give their product away for free so they don't miss the chance to be among the first to develop new forms of education. "The potential upside for this experiment is so big that it's hard for me to imagine any large research university that wouldn't want to be involved," said Richard DeMillo, director of the Center for 21st Century Universities at Georgia Tech. One day the schools will likely try to make some money, too, possibly by charging students for credits or allowing companies to sponsor courses. But universities recognize that they could be jeopardizing their hard-won reputations and their time-tested business model, said Jason Wingard, a vice dean of the University of Pennsylvania's Wharton School. "You run the risk of potentially diluting your brand."

How do the classes work?
Much like a typical college lecture course, but with an audience in the tens or even hundreds of thousands. At a time of their choosing, students watch videos of lectures by respected professors, and complete interactive quizzes and regular homework to prove they grasp the material. The Web videos incorporate graphics and virtual games, and students can pose questions and debate one another in online discussion groups. Professors say it's thrilling to reach so many students at once, from teenagers in India to baby boomers in Indiana. Coursera co-founder Andrew Ng, a Stanford computer science professor, recently taught an online class to more than 100,000 students. To reach that many people, Ng said, "I would have had to teach my normal Stanford class for 250 years."

Are the classes effective?
Some educators doubt that virtual classes can match the experience of face-to-face learning. Online education "tends to be a monologue and not a real dialogue," said University of Virginia English professor Mark Edmundson. There's also an extremely high attrition rate: Of the 160,000 people who enrolled in a Stanford artificial intelligence course last year, only 23,000 finished the work. But the feedback that could improve these courses is just beginning to roll in, and there's already some evidence that students who stick with online courses learn just as much as those in conventional classes. "This is the Wild West," said Agarwal. "There's a lot of things we have to figure out."

Will this trend make college cheaper?
There are grounds for hope. Since 1985, U.S. college tuition rates and fees have grown by 559 percent. In theory, online courses could cut costs by enabling universities to outsource coursework to the Internet and do away with or share some academic departments. Fewer students would need campus housing and other services. Universities have so far opposed giving credit for free classes, instead conferring certificates that don't count toward a degree. But that's already starting to change, with the University of Washington offering credit for Coursera classes this fall.

Could the web replace universities?
Not anytime soon. "Why do people pay $50,000 a year to attend an institution like Caltech?" Ng said. "The real value is the interactions with professors and other equally bright students." Still, even a remote dose of elite education can have great value to students who have no chance of setting foot on an Ivy League campus. And lessons drawn from the courses could reshape how colleges approach teaching, turning the ability to offer a mix of online and face-to-face learning into the new gold standard for top-notch educators. Sebastian Thrun, a Stanford research professor who offers free online computer science classes, predicts that there will be only 10 higher-education institutions in the world in 50 years. "It's pretty obvious that degrees will go away," he said. "The idea of a degree is that you spend a fixed time right after high school to educate yourself for the rest of your career. But careers change so much over a lifetime now that this model isn't valid anymore." In the future, he says, people will return to college throughout their lives, updating what they know through online courses.

A fresh start for the jobless
Free online courses might have millions of immediate beneficiaries among unemployed workers who need job retraining. Even with a law degree from the University of Chicago, Dennis Cahillane, 29, couldn't get hired. But after taking several free Stanford courses in building databases, he recently landed a job as a programmer for a media website. And now he is planning to work his way through Coursera classes in his spare time until he's earned "the equivalent of a B.A. in computer science from Stanford," he told Fast Company. Andy Rice, who owns a weather forecasting company in Minnesota, says he's heartened when he sees resumes from job applicants listing free courses. "I definitely want to hire people who are always questing for new knowledge," he said. "Life's not about what you learn when you're 22."

- As seen in The Week

How Teens’ Texts Lead to Unsafe Sex

Teenagers who engage in sexting—sending sexually explicit texts—are far more likely to begin having intercourse at an early age and engage in other risky behavior, a new study has found.
The study of 1,800 Los Angeles high school students shows that one in seven has sent a “sext” message, and that those who have are seven times more likely to be sexually active. Teens who sext—especially girls—are also more likely to have unprotected sex, sleep with multiple partners, and use drugs or alcohol before having intercourse.
“What we really wanted to know is, is there a link between sexting and taking risks with your body? And the answer is a pretty resounding ‘yes,’” study author Eric Rice, a researcher at the University of Southern California, tells Reuters.com. The fact that some teen girls have suffered humiliation when ex-boyfriends widely distributed photos of them naked doesn’t seem to be registering.
“There is an emerging sense of normalcy around sexting behavior,” Rice says. Some 54 percent of teens say they have a friend who sexts, which makes them 17 times more likely to try it themselves. “If their friends do it,” Rice says, “they’re going to do it.”
- As seen in The Week

The Digital 100: The World's Most Valuable Private Tech Companies in 2012

Business Insider evaluated private tech companies and ranked the top 100 by value. Their rankings are based on several metrics, including revenue, users, market opportunities, growth rates, and the perception of investors and tech gurus.

Here they are: The Digital 100. Enjoy!
1. Alibaba
2. Bloomberg
3. Twitter
4. 360Buy
5. Palantir
6. Dropbox
7. Square
8. MLB.com
9. Softlayer
10. Vente-Privee
11. VANCL
12. Airbnb
13. Pinterest
14. Datapipe
15. Spotify
16. Craigslist
17. Flipkart
18. Ozon Group
19. Coupang
20. Wonga
21. Hulu
22. Klarna
23. Kaspersky Lab
24. Rovio
25. Conduit
26. Aricent Group
27. Survey Monkey
28. Mu Sigma
29. ZocDoc
30. Just Eat
31. Gilt Groupe
32. Everyday Health
33. Evernote
34. LivingSocial
35. Criteo
36. Zulily
37. Zoosk
38. Redfin
39. Qualtrics
40. Seamless
41. Media Ocean
42. JustDial
43. 10gen
44. AppNexus
45. GitHub
46. Tumblr
47. Box.net
48. Glam Media
49. Stella & Dot
50. Marketo
51. Etsy
52. One Kings Lane
53. Nasty Gal
54. Klout
55. Automattic
56. Xiu
57. Manta
58. Eventbrite
59. Sugar, Inc
60. Kickstarter
61. Apptio
62. Fresh Direct
63. eHarmony
64. Veracode
65. Wix
66. Turn
67. Quantcast
68. Nest
69. Fab
70. Foursquare
71. Storm8
72. Flipboard
73. Vibrant Media
74. Rubicon Project
75. OpenX
76. Return Path
77. Quora
78. Snapdeal
79. Tremor Video
80. RightScale
81. Whaleshark/RetailMeNot
82. Break Media
83. Tagged
84. Yext
85. Stripe
86. Rocket Fuel
87. Mind Candy
88. AddThis
89. SoundCloud
90. Xirrus
91. Federated Media
92. Say Media
93. Yodle
94. Coupons.com
95. Path
96. Shazam
97. Plenty of Fish
98. Warby Parker
99. Thrillist
100. Vox Media


- As seen in Business Insider

How to Clean Up Your Online Image

You would never let your front porch or storefront become dilapidated. You would never hand out a crumpled resume or business card. And you would never show up to a big meeting with mismatched socks or a stain on your shirt. These days, maintaining your digital footprint can be just as important. So how do you go about cleaning up your online image? Here's how:

1. Assess the damage. Now there's a reason to spend hours Googling yourself or, better yet, to plug your name into 123people.com, which digs up harder-to-find info. You can tackle minor stains yourself, but if there's a lot to bury, hire a pro like Reputation.com or ElixirInteractive.com.

2. Start cleaning. Scour your Twitter, Facebook, and other social networking accounts and delete any dodgy photos or comments you've posted. If necessary, close down questionable accounts.

3. Push the positives. Blogs rank high in Google's algorithms so consider starting a blog about your interests. If you don't have time to post regularly, start a personal Web site instead, using a template from Wix.com or Webs.com. To find free, comprehensive advice on building a positive online presence, check out BrandYourself.com.
- As seen in Details

Meet Baxter: The Humanoid Robot to Revolutionize U.S. Manufacturing

Rethink Robotics unveils Baxter, a robot that can work alongside humans. According to Valentin Schmid at The Epoch Times, Baxter could revolutionize the way American companies operate as they shift production back to the United States using the humanoid robot to save on costs. Rethink Robotics unveiled its flagship product to the public September 18, 2012.

“Roboticists have been successful in designing robots capable of super-human speed and precision. What’s proven more difficult is inventing robots that can act as we do—in other words, that are able to inherently understand and adapt to their environments,” said company founder Rodney Brooks, an artificial intelligence legend and robotics pioneer who has spent much of his life teaching at MIT. Rethink was founded in 2008 with the purpose of designing a robot like Baxter and carries a few other products. It is currently owned by venture capital firms and Brooks.

He further notes that by providing a flexible and inexpensive solution—the robot costs only $22,000—Rethink specifically hopes to contribute to a revival in American manufacturing. “We believed that if we could cross that chasm with the manufacturing environment specifically in mind, we could offer new hope to the millions of American manufacturers who are looking for innovative ways to compete in our global economy.”

Baxter Solves Problem of Safety, Adaptability, and Programming

Baxter, which is exclusively produced in the United States and will first ship in October, aims to solve some of the long-standing issues with automation. The most important one is safety, as most industrial robots on assembly lines operate far away from humans or need to be caged to prevent injury. Rethink’s robot, which has a screen as a head and big flexible arms, is also equipped with sonar sensors and software that help it detect human activity. In addition, it is programmed to stop its relatively gentle movements as soon as it detects resistance. A promotional video shows the robot standing on a fixed platform, and the company has not commented on whether it can also walk.

“The class of products that can work side by side with people without any protection, those would be important developments. They could take robots from a factory environment … where people would have to be kept away, into more areas … some outside of factories,” says Jeff Burnstein, president of the Robotic Industries Association, an organization that provides education and information for companies interested in automating workflows.

Another big advantage is the ease of use. Normally, industrial robots need technical personnel to program them to perform a limited number of tasks, an effort that involves special software and more often than not can take up to a full day. Baxter, which can be employed in less than an hour after being delivered, can be trained by any type of personnel by merely showing it how to perform a wide range of tasks, such as material handling, line loading, light assembly, or packing products.

In practice this would mean that the employee would move Baxter’s arms to perform the desired process and choose one of several preprogrammed options by twisting a few dials. The robot can also adapt to changes in the environment: for example, if it drops an object, it knows to get another before trying to finish the task, unlike other robots, which have been seen picking air for a whole day if no human supervises them.

“This class of robots doesn’t need a whole lot of programming. … That’s important. There are a number of companies that either don’t have the in-house expertise or they don’t want to pay for outside assistance,” said Burnstein in an Epoch Times interview.

“Because of its versatility and the short amount of time it takes to retrain, Baxter can be easily moved by production personnel to different and varying tasks over the course of a day, week, and month,” says the company’s press release. Most of the claims that the company makes in the press release can be tracked in a promotional video and also have been tried in practice when Baxter was on loan at Vanguard Plastics, a small manufacturer based in Connecticut, writes Will Knight of technologyreview.com.

Jeff Burnstein cautions, however, that the ultimate success will be determined after the product is rolled out. “Until these products are out in big numbers you don’t know if they are safe or not.”

If Baxter or similar robots can be rolled out on a large scale, it could mean big things for American manufacturing. Given the fact that robots like Baxter are inexpensive, flexible, and do not need much maintenance in terms of programming, they can be used in companies of all sizes that face tough options in competing with low-wage countries. AFL-CIO, the umbrella federation for 56 U.S. unions, cites Bureau of Labor Statistics data saying that 5.5 million jobs were lost in the process of offshoring.

“This development will either save or create new jobs,” believes Burnstein. “We would hope that companies that would have otherwise either closed down because they can’t compete or sent manufacturing jobs overseas will decide to automate in order to keep jobs in the United States.”

Bob Baugh, executive director of the AFL-CIO industrial union council, representing the manufacturing unions within the umbrella organization, agrees: “If you are more productive this way, you can share the benefits. … The productivity is shared with the workforce and the community and the country in a sense that people earn better wages and income. They are compensated for these productivity gains that come with the interface with human interaction with technology to produce goods.”

The idea is as follows: A humanoid robot would boost human labor productivity in such a way that it would reduce costs and boost output without reducing employment here. Increased output at lower costs would mean more capital accumulated and wages paid in the United States, leading to greater economic prosperity, even outside manufacturing.

A simple example would see an American company closing its factory in China, because it is upset with intellectual property theft and corrupt business practices as well as rising wages over there. It would then reopen production in the United States, hiring workers and supplementing them with flexible automation solutions. Jobs and output are created in the United States, leading to more jobs and output created in the United States.

Jeff Burnstein sees numerous reasons why reshoring makes sense: “When you build domestically you are closer to your customers, you don’t have to deal with political instability … the fear of your IP being stolen. There are a lot of reasons if all things are equal why you would want to build domestically. … Automation and robotics in particular is allowing companies to do that, we are seeing signs of that.”

According to Bob Baugh, automation is also seen as a positive by the unions, as long as some standards are met: “Workers need to be compensated well and have a good work environment where they do these things and that they have the skills to operate the technology and equipment.” These new developments in automation seem to be a win-win situation that might even lead to American companies becoming export leaders again one day in the not too distant future.
- As seen in The Epoch Times

U.S. is Tightening Web Privacy Rule to Protect Young

Federal regulators are about to take the biggest steps in more than a decade to protect children online. According to Natasha Singer of The New York Times, the moves come at a time when major corporations, app developers and data miners appear to be collecting information about the online activities of millions of young Internet users without their parents’ awareness.
Some sites and apps have also collected details like children’s photographs or locations of mobile devices; the concern is that the information could be used to identify or locate individual children. For example, McDonald’s invites children who visit HappyMeal.com to upload their photos so they can make collages or videos.

These data-gathering practices are legal. But the development has so alarmed officials at the Federal Trade Commission that the agency is moving to overhaul rules that many experts say have not kept pace with the explosive growth of the Web and innovations like mobile apps. New rules are expected within weeks.

“Today, almost every child has a computer in his pocket and it’s that much harder for parents to monitor what their kids are doing online, who they are interacting with, and what information they are sharing,” says Mary K. Engle, associate director of the advertising practices division at the F.T.C. “The concern is that a lot of this may be going on without anybody’s knowledge.”

The proposed changes could greatly increase the need for children’s sites to obtain parental permission for some practices that are now popular — like using cookies to track users’ activities around the Web over time. Marketers argue that the rule should not be changed so extensively, lest it cause companies to reduce their offerings for children.

“Do we need a broad, wholesale change of the law?” says Mike Zaneis, the general counsel for the Interactive Advertising Bureau, an industry association. “The answer is no. It is working very well.”

The current federal rule, the Children’s Online Privacy Protection Act of 1998 (COPPA), requires operators of children’s Web sites to obtain parental consent before they collect personal information like phone numbers or physical addresses from children under 13. But rapid advances in technology have overtaken the rules, privacy advocates say.

Today, many brand-name companies and analytics firms collect, collate and analyze information about a wide range of consumer activities and traits. Some of those techniques could put children at risk, advocates say.

Under the F.T.C.’s proposals, some current online practices, like getting children under 13 to submit photos of themselves, would require parental consent.

Children who visit McDonald’s HappyMeal.com, for instance, can “get in the picture with Ronald McDonald” by uploading photos of themselves and combining them with images of the clown. Children may also “star in a music video” on the site by uploading photos or webcam images and having it graft their faces onto dancing cartoon bodies.

But according to children’s advocates, McDonald’s stored these images in directories that were publicly available. Anyone with an Internet connection could check out hundreds of photos of young children, a few of whom were pictured in pajamas in their bedrooms, advocates said.

In a related complaint to the F.T.C. last month, a coalition of advocacy groups accused McDonald’s and four other corporations of violating the 1998 law by collecting e-mail addresses without parental consent. HappyMeal.com, the complaint noted, invites children to share their creations on the site by providing the first names and e-mail addresses of their friends.

“When we tell parents about this they are appalled, because basically what it’s doing is going around the parents’ back and taking advantage of kids’ naivete,” says Jennifer Harris, the director of marketing initiatives at the Yale Rudd Center for Food Policy and Obesity, a member of the coalition that filed the complaint. “It’s a very unfair and deceptive practice that we don’t think companies should be allowed to do.”

Danya Proud, a spokeswoman for McDonald’s, said in an e-mail that the company placed a “high importance” on protecting privacy, including children’s online privacy. She said that McDonald’s had blocked public access to several directories on the site.

Last year, the F.T.C. filed a complaint against W3 Innovations, a developer of popular iPhone and iPod Touch apps like Emily’s Dress Up, which invited children to design outfits and e-mail their comments to a blog. The agency said that the apps violated the children’s privacy rule by collecting the e-mail addresses of tens of thousands of children without their parents’ permission and encouraging those children to post personal information publicly. The company later settled the case, agreeing to pay a penalty of $50,000 and delete personal data it had collected about children.

It is often difficult to know what kind of data is being collected and shared. Industry trade groups say marketers do not knowingly track young children for advertising purposes. But a study last year of 54 Web sites popular with children, including Disney.go.com and Nick.com, found that many used tracking technologies extensively.

“I was surprised to find that pretty much all of the same technologies used to track adults are being used on kids’ Web sites,” said Richard M. Smith, an Internet security expert in Boston who conducted the study at the request of the Center for Digital Democracy, an advocacy group.

Using a software program called Ghostery, which detects and identifies tracking entities on Web sites, a New York Times reporter recently identified seven trackers on Nick.com — including Quantcast, an analytics company that, according to its own marketing material, helps Web sites “segment out specific audiences you want to sell” to advertisers.

Ghostery found 13 trackers on a Disney game page for kids, including AudienceScience, an analytics company that, according to that company’s site, “pioneered the concept of targeting and audience-based marketing.”

David Bittler, a spokesman for Nickelodeon, which runs Nick.com, says Viacom, the parent company, does not show targeted ads on Nick.com or other company sites for children under 13. But the sites and their analytics partners may collect data anonymously about users for purposes like improving content. Zenia Mucha, a spokeswoman for Disney, said the company does not show targeted ads to children and requires its ad partners to do the same.

Another popular children’s site, Webkinz, says openly that its advertising partners may aim at visitors with ads based on the collection of “anonymous data.” In its privacy policy, Webkinz describes the practice as “online advanced targeting.”

If the F.T.C. carries out its proposed changes, children’s Web sites would be required to obtain parents’ permission before tracking children around the Web for advertising purposes, even with anonymous customer codes.

Some parents say they are trying to teach their children basic online self-defense. “We don’t give out birth dates to get the free stuff,” said Patricia Tay-Weiss, a mother of two young children in Venice, Calif., who runs foreign language classes for elementary school students. “We are teaching our kids to ask, ‘What is the company getting from you and what are they going to do with that information?’ ”

- As seen in The New York Times
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS
here!

Squishy Robots That Can Hide and Seek

Researchers have built soft-bodied robots that can either blend into or stand out in their environment by changing their color. According to Sindya Bhanoo of The New York Times, these silicone-based robots can also glow in the dark.

The rubbery, four-legged robots mimic the behavior of soft-bodied creatures like sea stars and squid. Most robots today are large and rigid and mimic the movements of mammals.

“Starfish and things of this kind are simpler than mammals,” said George M. Whitesides, a chemist at Harvard who is involved in the research. “Less able to pick up a door, but maybe able to perform other tasks.”

He and his colleagues published their findings in the current issue of the journal Science.

The soft robots are made of a silicone-based polymer called polydimethylsiloxane, or PDMS. They were created using 3-D printers, as were the recently added “color layers.”

The color layers were built with channels into which researchers could pump colored liquids to change the colors and patterns of the robots as desired.

By pumping heated or cooled liquids into the channels, the researchers were also able to camouflage the robots in the infrared.

The coloration feature may one day be useful in building search-and-rescue robots, Dr. Whitesides said. By using color, the robots can serve as a visual marker to help search crews.

“They are very light and can make their way across mud in a way that a heavy robot would have trouble with,” Dr. Whitesides said. “A way of seeing a robot there is to make it very visible in the infrared.”

The robots can also pick up fragile objects, like uncooked eggs and fruits, he said — or even a live mouse.

As a bonus, the soft-bodied robots are inexpensive to build. The current prototypes cost less than $10 each.

- As seen in The New York Times